diff --git a/.gitignore b/.gitignore
index 797b713..e258e80 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@ terraform.tfvars
 todos.md
 .DS_Store
 files/user_data_compiled.sh
-tmp/
\ No newline at end of file
+tmp/
+temp/
\ No newline at end of file
diff --git a/files/vault_credentials_template.sh b/files/vault_credentials_template.sh
index 6dba386..9f0aedc 100644
--- a/files/vault_credentials_template.sh
+++ b/files/vault_credentials_template.sh
@@ -2,5 +2,5 @@
 # This grabs the encrypted credentials file and decrypts it.
-aws --profile ${AWS_PROFILE} --region ${AWS_REGION} s3 cp s3://${AWS_S3_BUCKET}/vault_creds_encrypted ./tmp/vault_creds_encrypted
-aws --profile ${AWS_PROFILE} --region ${AWS_REGION} kms decrypt --key-id ${AWS_KMS_KEY_ID} --ciphertext-blob fileb://tmp/vault_creds_encrypted --output text --query Plaintext | base64 --decode > ./tmp/vault_creds_decrypted
+aws --profile ${AWS_PROFILE} --region ${AWS_REGION} s3 cp s3://${AWS_S3_BUCKET}/vault_creds_encrypted ./temp/vault_creds_encrypted
+aws --profile ${AWS_PROFILE} --region ${AWS_REGION} kms decrypt --key-id ${AWS_KMS_KEY_ID} --ciphertext-blob fileb://temp/vault_creds_encrypted --output text --query Plaintext | base64 --decode > ./temp/vault_creds_decrypted
diff --git a/outputs.tf b/outputs.tf
index c03949e..b3bd722 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,6 +1,6 @@
 # Here for debugging the compiled userdata.sh file.
 resource "local_file" "userdata_compiled" {
- content = templatefile("${path.module}/files/userdata_template.sh", {
+ content = templatefile("${path.root}/files/userdata_template.sh", {
 VAULT_VERSION = var.vault_version
 VAULT_CLUSTER_NAME = var.main_project_tag
 VAULT_DNS = var.domain_name
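Review bot: The second new `aws` line still leaves the decrypted Vault credentials on disk at `./temp/vault_creds_decrypted`, created with whatever the caller's umask allows and never restricted or removed; moving the directory from tmp/ to temp/ does not change that, and the relative `fileb://temp/...` path also ties the script to being run from the repository root. Prepending `umask 077` makes both downloaded files owner-only, and `set -euo pipefail` prevents a failed `s3 cp` or `kms decrypt` from letting `base64 --decode` exit cleanly and write an empty plaintext file; neither line contains `${`, so templatefile() rendering is unaffected. The script's first line is outside the hunk.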
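Review bot: `${path.root}` in the new `content` line resolves relative to the root module, so `files/userdata_template.sh` is presumably only found while this configuration is applied as the root; consumed as a child module the template lookup would fail, whereas `${path.module}` located the template in both cases. If the goal is only to place the rendered output under `temp/` at the root, keeping `path.module` for the template source and using `path.root` for `filename` alone achieves that. The `userdata_compiled` resource block continues into the next hunk.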
@@ -9,18 +9,18 @@ resource "local_file" "userdata_compiled" {
 VAULT_DYNAMODB_TABLE = var.dynamodb_table_name # dynamodb resource doesn't return name....
 VAULT_S3_BUCKET_NAME = aws_s3_bucket.vault_data.id
 })
- filename = "${path.module}/tmp/userdata_compiled.sh"
+ filename = "${path.root}/temp/userdata_compiled.sh"
 }
 # Output the vault credentials script
 resource "local_file" "vault_credentials" {
- content = templatefile("${path.module}/files/vault_credentials_template.sh", {
+ content = templatefile("${path.root}/files/vault_credentials_template.sh", {
 AWS_PROFILE = var.aws_profile
 AWS_REGION = data.aws_region.current.name
 AWS_S3_BUCKET = aws_s3_bucket.vault_data.id
 AWS_KMS_KEY_ID = aws_kms_key.seal.key_id
 })
- filename = "${path.module}/tmp/vault_credentials.sh"
+ filename = "${path.root}/temp/vault_credentials.sh"
 }
 # Load Balancer DNS - You need to CNAME or Alias this.
diff --git a/variables.tf b/variables.tf
index 451c7a0..078a2f6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -174,9 +174,9 @@ variable "private_mode" {
 default = false
 }
-## A VPC in the SAME AWS Account AND Region as your Vault deployment. It MUST have "enable dns hostnames" active AND it cannot use the same CIDR block as the Vault VPC.
-variable "peered_vpc_id" {
- description = "ID of a VPC that can access the Vault VPC and thus access vault privately."
- type = string
- default = ""
+## A VPC in the SAME AWS Account and REGION as your Vault deployment. The VPCs MUST have "enable dns hostnames" active AND cannot use the same CIDR block as the Vault VPC.
+variable "peered_vpc_ids" {
+ description = "A list of of a VPC IDs that can access the Vault VPC and thus access vault privately."
+ type = list(string)
+ default = []
 }
\ No newline at end of file
diff --git a/vpc.tf b/vpc.tf
index 5170d54..52dee33 100644
--- a/vpc.tf
+++ b/vpc.tf
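Review bot: Both new `filename` lines write the rendered helper scripts under `temp/` with the `local_file` provider's default `file_permission`, which is 0777 unless set, and the rendered `vault_credentials.sh` content (profile, region, bucket and KMS key id) is also persisted in Terraform state as part of the resource. Adding `file_permission = "0700"` beside each `filename` keeps the generated scripts owner-only; the state exposure is inherent to `local_file` and deserves a comment above `vault_credentials` such as `# Rendered content is stored in state; protect the state file accordingly.`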
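Review bot: The new description has a doubled phrase, `"A list of of a VPC IDs ..."`; `description = "A list of VPC IDs that can access the Vault VPC and thus access vault privately."` reads correctly. The heading comment still opens with `## A VPC in the SAME AWS Account` although the variable is now a list; `## VPCs in the SAME AWS Account and REGION as your Vault deployment.` would match the new type. The requirements it lists (same account and region, DNS hostnames enabled, no CIDR overlap) are not checked anywhere visible here, so stating them in the description as well makes them show up where operators actually read variable help.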
@@ -265,20 +265,20 @@ resource "aws_vpc_endpoint" "dynamodb" {
 # VPC Peering
-## Enabled in Private Mode only.
+## Enabled in Private Mode only. Allows other VPCs in the same account and region to access your Vault VPC.
 ## Data from Peered VPC (AKA the external VPC we're letting in)
 data "aws_vpc" "peered_vpc" {
- count = var.private_mode ? 1 : 0
+ count = var.private_mode && length(var.peered_vpc_ids) > 0 ? length(var.peered_vpc_ids) : 0
- id = var.peered_vpc_id
+ id = var.peered_vpc_ids[count.index]
 }
-## Peering Connection
+## Peering Connections
 resource "aws_vpc_peering_connection" "vault" {
- count = var.private_mode ? 1 : 0
+ count = var.private_mode && length(var.peered_vpc_ids) > 0 ? length(var.peered_vpc_ids) : 0
- peer_vpc_id = var.peered_vpc_id
+ peer_vpc_id = var.peered_vpc_ids[count.index]
 vpc_id = aws_vpc.vault.id
 auto_accept = true
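Review bot: The `length(var.peered_vpc_ids) > 0` guard in each new `count` line is redundant, since `length()` of an empty list is already 0, so `count = var.private_mode ? length(var.peered_vpc_ids) : 0` is equivalent and easier to read; the same expression is repeated in the four `count` lines of this hunk and the next one. Indexing by `count.index` also means removing or reordering an entry in `peered_vpc_ids` shifts every later index, so Terraform would destroy and recreate the peering connections and routes from that position onward; a `for_each` over `toset(var.peered_vpc_ids)` keyed by VPC id avoids that churn, at the cost of rewriting the `[count.index]` references in both hunks. The `aws_vpc_peering_connection.vault` block continues into the next hunk.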
@@ -291,27 +291,28 @@ resource "aws_vpc_peering_connection" "vault" {
 }
 tags = merge(
- { "Name" = "${var.main_project_tag}-vpc-peering-connection"},
+ { "Name" = "${var.main_project_tag}-vpc-peering-connection-${count.index + 1}"},
 { "Project" = var.main_project_tag },
 var.vpc_tags
 )
 }
-## Peering Connection for the VAULT Route Table
+## Peering Connection Routes for the VAULT Route Table
 resource "aws_route" "requester_peering_route" {
- count = var.private_mode ? 1 : 0
+ count = var.private_mode && length(var.peered_vpc_ids) > 0 ? length(var.peered_vpc_ids) : 0
 route_table_id = aws_route_table.public.id
- destination_cidr_block = data.aws_vpc.peered_vpc[0].cidr_block
- vpc_peering_connection_id = aws_vpc_peering_connection.vault[0].id
+ destination_cidr_block = data.aws_vpc.peered_vpc[count.index].cidr_block
+ vpc_peering_connection_id = aws_vpc_peering_connection.vault[count.index].id
 }
-## Peering Connection for the External VPC Route Table to allow Vault Traffic
-## Note: this associates it to the external VPC's MAIN ROUTE TABLE. If you want it associated to a different route table, you'll have to do so manually.
+## Peering Connection Routes for the External VPC Route Tables to allow Vault Traffic
+## Note: this associates it to the external VPC's MAIN ROUTE TABLE.
+## If you want it associated to a different route table, you'll have to do so manually or set the table you want as the main route table.
 resource "aws_route" "accepter_peering_route" {
- count = var.private_mode ? 1 : 0
+ count = var.private_mode && length(var.peered_vpc_ids) > 0 ? length(var.peered_vpc_ids) : 0
- route_table_id = data.aws_vpc.peered_vpc[0].main_route_table_id
+ route_table_id = data.aws_vpc.peered_vpc[count.index].main_route_table_id
 destination_cidr_block = aws_vpc.vault.cidr_block
- vpc_peering_connection_id = aws_vpc_peering_connection.vault[0].id
+ vpc_peering_connection_id = aws_vpc_peering_connection.vault[count.index].id
 }
\ No newline at end of file
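Review bot: With several peered VPCs, `requester_peering_route` now adds one route per entry to `aws_route_table.public`, each keyed on `data.aws_vpc.peered_vpc[count.index].cidr_block`, so two peered VPCs that share or overlap a CIDR would yield duplicate or conflicting destinations in the Vault route table and fail at apply; the comments in this and the previous hunk only warn about overlap with the Vault VPC itself. `cidr_block` is also just the primary CIDR, so a peered VPC with secondary CIDR associations gets no route for them. The comment above `requester_peering_route` could read `## One route per peered VPC; peered VPC CIDRs must not overlap each other either, and only each VPC's primary CIDR is routed.`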